DE102011004469A1 - Method and device for securing location-based messages by means of location-based key infrastructures - Google Patents

Abstract

The present invention relates to a method and a device for securing location-related messages which are transmitted by a provider to a large number of recipients and receiving devices that change over time in a large number of locality areas. The invention is characterized in that key certificates for signed messages are only issued in a location-related manner and are therefore only valid in a specific, defined local environment.

Description

The present invention relates to a method and apparatus for securing location-based messages.

Conventional technologies allow a location-based display and provision of information and its possibly additionally referenced further contents. This information can be assigned to a recipient circle defined by the creator, whereby the recipient can also be the creator. Authentication of the recipients plays an important role in this case, for example if specific or security-relevant messages that are comparable, for example, with digital postits, are left in certain places. The authentication of the user is a known problem and can be solved for example by means of identity-based systems.

However, there are also scenarios in which the authenticity of the location-based message also plays an important role. Thus, for example, in the industrial and energy environment, warning messages are relevant within a certain critical location and their authenticity is very important. Similarly, in hospital and airport infrastructures, authentic location-based information is required for security and operational personnel and must be of legitimate origin. In the scenarios described, a frequent change in personnel and equipment is assumed, so that a very large and dynamically changing user group must be adopted, which must be able to rely on the authenticity of the messages.

Conventionally, in the case of location-based services, an identity-based authentication of a user, that is to say based on information such as his name or personnel number, has been foregrounded in order not to forward messages to unauthorized persons.

The US 2009/0077620 A1 discloses location-based access restrictions in which authentication and authentication are performed based on the present locations. The authenticity of the messages is implied by a correct addressing of the location-based service.

Furthermore, identity-based PKI methods, that is to say public key infrastructures, that is to say public-key infrastructures, are generally known, which assign the identity of the user to the private key in a secure manner.

It is an object of the present invention to provide a method and a device for securing messages that are transmitted from a provider to a plurality of temporally changing recipient persons and recipient devices in each of a plurality of localities spaces. For example, in the industrial, energy, airport or hospital environment, authentic location-relevant information of legitimized origin should only be accessible to an authorized group of recipients in a relevant locality area.

A locality space is here a space that is clearly limited in terms of its spatial dimensions and can be determined by means of corresponding points, lines or surfaces. A locality space can be determined as a mathematical point, a mathematical area or as a mathematical space in a three-dimensional coordinate system. A locality space may be determined by means of boundary points, borderlines or interfaces. Concrete examples of locality spaces may be certain rooms or floors in buildings. Such buildings can be buildings of factories, power plants, airports or hospitals. A locality space can be entered by a large number of persons who change over time.

Likewise, a variety of different communication devices may be used by the persons.

The object is achieved by a method according to the main claim and a device according to the independent claim.

According to a first aspect, a method of securing a plurality of location-related messages transmitted by at least one provider to a plurality of time-varying receivers and / or time-varying receiver devices in at least one specific location space is claimed in the following steps. By means of the provider executed transfer of each a signature to prove the authorship of the respective provider and its affiliation with the message having messages to at least one specific locality space. By means of at least one key provider, provision of public key certificates valid for the particular locality space for the respectively determined locality space. Checking the signature of each received message by means of the bowl certificates and verifying or falsifying the respective message according to a result of the checking.

According to a second aspect, an apparatus for carrying out a method for securing a plurality of location-related Messages claimed with the following facilities. At least one provider transmission device for transmitting the messages to a plurality of temporally changing receiver persons and / or time-varying receiver devices in at least one specific location space, each message having a signature for proving the authorship of the respective provider and its affiliation with the respective message message. At least one key provider transmission device for providing public key certificates valid for the respective particular locality space for the respectively determined locality space. A verifying means for verifying, by means of the key certificates, the signature of each received message and verifying or falsifying the respective message according to a result of the verifying.

A method according to the invention enables provision of authentic location-based messages through the use of location-based key infrastructures. Messages are protected with an identity-based key and a local scope of the key is set.

To use location-based services in critical infrastructures and sensitive environments requires a dedicated security concept. Due to the locality of stored messages and information, a security concept must also be designed location-based. Such a security concept can be realized with a method according to the invention and a device according to the invention.

According to the invention, it has been recognized that location-based information is used in key infrastructures to protect location-based messages. In this way, keys can be issued in a location-specific manner, which thus apply in a specific defined local environment of a scope of a stored message. The information protected with this key material is thus tied to the respective locality.

Use of a method or apparatus according to the invention may extend to all location-based services that are used, for example, in infrastructure and industrial environments.

Complex geographic units can be modeled in detail using a method according to the invention, for example buildings, industrial areas or airport infrastructures, for the protection of counterfeit messages from outside.

Using a public key method, called a public key method, provides accessibility to broad and dynamically changing user groups. In addition, public key infrastructures (PKIs) enable a fluid transition from location-based to identity-based infrastructures.

Further advantageous embodiments are claimed in conjunction with the subclaims.

According to an advantageous embodiment, the key certificates may be assigned time periods for which the key certificates are valid.

According to a further advantageous embodiment, the durations may be regular and / or repeated daily.

According to a further embodiment, the key certificates can each be assigned a location-time history for which the key certificate is valid. Alternatively or cumulatively, the key certificates may be assigned a time-varying locality space for which the key certificates are valid. For example, a location space may change in time with respect to its location and / or size.

According to a further advantageous embodiment, additional information can be assigned to each of the key certificates, where these key certificates and / or further key certificates are valid.

According to a further advantageous embodiment, a key certificate can in each case be assigned additional information in which type of transmission of this key certificate is valid.

In accordance with a further advantageous embodiment, the transmission of the messages to the at least one locality space carried out by the provider can be carried out according to a first request made to the provider by means of a receiver device.

According to a further advantageous embodiment, the first request may include whether messages are available for the locality room at a time.

According to a further advantageous embodiment, the running of a key provider provided providing valid for the respective Lokalitätsraum public Key certificates for each locality space after a carried out by means of a receiver device second requests to the key provider done.

According to a further advantageous embodiment, the second request may include whether there are valid public key certificates for the locality room at a time.

According to a further advantageous embodiment, a check of the validity of the provided key certificates with regard to the correct location space can be carried out.

According to a further advantageous embodiment, a check of the validity of the provided key certificates with regard to the correct time duration can be carried out.

According to a further advantageous embodiment, the key certificate may have a signature for proving the authorship of the respective key provider and its affiliation with the respective key certificate.

According to a further advantageous embodiment, the provider may be the key provider.

According to a further advantageous embodiment, the key certificate valid for a location space may have a reference to a location description structure for identifying the location space in a plurality of location spaces.

According to a further advantageous embodiment, the location description structure can be a vector graphic supplemented by absolute location coordinates.

According to a further advantageous embodiment, the reference may have a signature for proving the authorship of the location description structure and its affiliation with the respective reference.

According to a further advantageous embodiment, the location description structure can additionally assign a further security algorithm to each key certificate valid for a location space.

According to a further advantageous embodiment, the provision of public key certificates valid for the respective locality space for the respective locality space can only be carried out if an identity of a recipient person and / or a recipient device has additionally been verified.

According to a further advantageous embodiment, the plurality of location-related messages may be dynamic data for executing programs in respective receiver devices in the particular location spaces.

According to a further advantageous embodiment, an execution of a program may comprise an authorized transmission by means of a transmitting device associated with the respective receiver device.

According to a further advantageous embodiment, a request device assigned to the receiver device can be provided for inquiring at the provider as to whether there are messages for the receiver device within a locality space at a time.

In accordance with a further advantageous embodiment, the provider transmission device can be provided for the transmission of existing messages executed on the request, whereby these can be supplemented by a signature for proving the authorship of the provider and its affiliation with the messages.

According to a further advantageous embodiment, the request device assigned to the receiver device can be provided for querying a key manufacturer as to whether valid public key certificates are available for the local area at the time.

According to a further advantageous refinement, the key providing device can be provided for transmitting or sending public key certificates valid for the local area to the recipient device.

According to a further advantageous refinement, the receiver device can be provided with the result of checking for the signature of each received message executed by means of the key certificates in order to verify or falsify the respective message.

According to a further advantageous embodiment, the receiver device can be provided for checking the validity of the received key certificates with regard to the correct locality space and the correct time.

The present invention will be described in more detail by means of exemplary embodiments in conjunction with the figures. Show it:

1 a first embodiment of a method according to the invention;

2 an embodiment of a signed reference to a location description structure.

1 shows an embodiment of an inventive. Process. 1 shows an embodiment of a verification of a digital graffiti message by means of location-based key infrastructures. If, for example, a so-called digital graffiti message N _L from provider A is deposited at a specific locality or a specific locality space L, this is supplemented by a signature S _A. A receiver E can now use a locksmith service to request the public key valid at the location L at a time t, and receives, for example, a key certificate Z _AL in a verification of the message N _L the receiver E validates the key certificate Z _AL with regard to the location L and other conventional parameters, such as a validity period of the key certificate. If a check of the certificate and the message signature shows that the respective message N _{L is} verified, the recipient E processes the local area L with the message NL. For example, the content can be displayed or a multimedia message can be read out. According to 1 For example, in a first step, a request from a recipient E in a specific location space L to a provider A can be made as to whether there are messages N for the location space L at a time t. Such a request is in 1 with N _L (t)? characterized. Subsequent to such a request to the provider A, he sends in a second step a signed with a digital signature S _A message N _L for the time t for the locality space L is determined. The signed message N _L can be stored, for example, in the locality space L or read out directly by the receiver E after the following two steps have been performed. The third step is a query as to whether key certificates Z for the requesting location space L for a time t are present. Such a request for a location-based key service OS is Z _L (t)? expressed. In response to such a request, the location-based key service OS or the key provider SB transmits or sends corresponding key certificates (L, t, Z _AL ) and additionally (L, t, Z _BL ), for example. In principle, key certificates can be provided in each technical embodiment in the corresponding location space. For example, key certificates may already be stored or stored in the locality room. If the required key certificates, specifically Z _AL for the message N _L signed with the digital signature S _A , are present in the specific locality space L, the verified message N _{L can be} verified and read out. The location information entered in the key certificate can also be coupled in conjunction with associated times so that the information at the location can only be validated at certain times. Furthermore, the location and time couplings can also be designed as routes, as a kind of "moving certificates", so that the information can move at certain times in certain places and only there is valid. Certain locations may be determined by a defined volume, for example, as a particular area in a particular floor for which a key certificate Z is valid. A locality space or a locality location or a locality volume does not have to be described statically with absolute coordinates and must be firmly positioned in a defined environment. Locality space or locality volumes may also change in time, for example, in terms of position and size and shape. Examples may be a package in an airplane or car or a digital graffiti associated with a position of a moving car. In this way, for example, error messages or consumption values of the car can be detected. The location of a locality space can therefore be linked to the car and its position.

The location-based relationship also allows more extensive. Information in the key certificate, such as a local spread, a warning area in which the verification is successful, but the recipient E or user a warning message is displayed that the key certificate is on the edge of a permitted area, height information, such as a validity of Single-level certificate, references to certificates of surrounding cells or volumes, overlapping structures where two different key certificates are valid in one place, access service and infrastructure information if, for example, a digital graffiti message is only valid at a particular location, if that one via a secure Wi-Fi connection.

2 shows a key certificate Z _AL , which is valid only for a locality space L, which has been determined by means of a reference R _L on a location description. Such a location description may be provided as a location description structure provided, for example, as a vector graphic supplemented by absolute location coordinates. Such a scalable Vectorgraphic SVG is a mathematical locale description structure that uses abstract data over a Entity of localities L can be derived from geographical data of the totality of a plurality of localities L space. 2 shows on the right side an airport complex whose geographical data are available. In a first step S1, the geographical data is transformed into abstract data of the totality of the localities L, which is expressed in a second step S2, for example in the scalable vector graphic SVG as a description of the totality of the plurality of localities L space. The location or locality L for which the certificate Z _{AL is} valid is determined by means of the reference R _L on the location description structure SVG. In addition, the key certificate Z _AL can be signed with a signature S _AZ . Likewise, the reference R _L may be signed with a signature S _AR . In this way, an authorship of a respective provider A and its affiliation with the respective signature S _AZ can be demonstrated. Likewise, authorship of a respective location description and its affiliation with the respective reference R _L can be proven. Ie. In order to be able to demarcate equally fine granular or locally more complex demarcated areas into key certificates, premises are separately described and signed by signed structures. Such an embodiment shows 2 , Such building structures are then provided only once and referenced by the respective key certificates. The advantage is that the complex structures for location description only need to be downloaded and verified once. In the key certificates then only the reference must be checked. As a description format, for example, vector graphic formats such as SVG (scalable vector graphics) can be used, which can be supplemented by absolute location coordinates. 2 shows signed references to locality descriptions. Furthermore, a location description can also be coupled with a different security policy, so that, for example, the weaker algorithms or security requirements come to bear on more outer areas of a bank or airport, but in more critical internal infrastructures higher security requirements apply. Mutual certification of identity-based and location-based certification services can be done, for example, by means of a cross certification or by means of a common root certification authority. A storage of location information and location references can be done, for example, in so-called X.509 certificates using location-specific attributes, which are only evaluated by verification functions that support location information. In addition to the authenticity of static information, the authenticity of dynamic data also plays a role, such as so-called applets, which should only be executed at specific locations or at certain times. For example, signaling systems can also be downloaded as an applet on mobile devices in the future. In case of emergency, these applets then receive information about fires or rampages. So that the information can only be recorded in the right places and not by unauthorized persons, a safeguard can be carried out by means of methods according to the invention.

QUOTES INCLUDE IN THE DESCRIPTION

This list of the documents listed by the applicant has been generated automatically and is included solely for the better information of the reader. The list is not part of the German patent or utility model application. The DPMA assumes no liability for any errors or omissions.

Cited patent literature

• US 2009/0077620 A1 [0005]

Claims (28)

A method of securing a plurality of location-based messages (N) transmitted by at least one provider (A) to a plurality of time-varying recipient entities and / or time-varying recipient entities (E) in at least one particular location space (L), comprising the steps of - carried out by means of the provider (A) transmitting the respective signature (S) to prove the authorship of the respective provider (A) and its affiliation with the respective message (N) having messages (N) to at least one specific location space (L); - Provided by at least one key provider (SB) running provided for the particular locality space (L) valid public key certificates (Z) for the particular locality space (L); Checking the signature (S) of each received message (N) by means of the key certificates (Z) and verifying or falsifying the respective message (N) according to a result of the checking. A method according to claim 1, characterized in that the key certificates (Z) time periods are assigned, to which the key certificates (Z) are valid. A method according to claim 2, characterized in that the time periods are regular and / or repeated daily. Method according to one of the preceding claims, characterized in that the key certificates (Z) is assigned a location-time history or a temporal change of the locality space, for example in size and position, to which the key certificates (Z) are valid. Method according to one of the preceding claims, characterized in that the key certificates (Z) additional information is assigned, where these key certificates (Z) and / or further Schlussizertifikate (Z) are valid. Method according to one of the preceding claims, characterized in that the key certificates (Z) is associated with additional information with which type of transfer these key certificates (Z) are valid. Method according to one of the preceding claims, characterized in that the transmission of the messages (N) to the at least one locality space (L) carried out by the provider (A) is performed according to a first request to the provider (A) carried out by means of a receiver device (E). he follows. Method according to Claim 7, characterized in that the first request comprises whether there are messages (N) for the location space (L) at a time (t). Method according to one of the preceding claims, characterized in that by means of the one key provider (SB) provided by the respective locality space (L) valid public key certificates (Z) by means of their transmission to the respective locality space (L) to one by means of a receiver device (E) second requests made to the key vendor (SB). Method according to Claim 9, characterized in that the second request comprises whether there are valid public key certificates (Z) for the location space (L) at a time (t). Method according to one of the preceding claims, characterized by checking the validity of the provided key certificates (Z) with regard to the correct location space (L). Method according to one of the preceding claims 2 to 11, characterized by checking the validity of the provided key certificates (Z) with regard to the correct time period. Method according to one of the preceding claims, characterized in that the key certificate (Z) has a signature (S) for proving the authorship of the respective key provider (SB) and its affiliation with the respective key certificate (Z). Method according to one of the preceding claims, characterized in that the provider (A) is the key provider (SB). Method according to one of the preceding claims, characterized in that the key certificate (Z) valid for a location space (L) has a reference (R) to a location description structure for identifying the location space (L) in a plurality of location spaces (L). A method according to claim 15, characterized in that the location description structure is a vector graphic supplemented by absolute location coordinates. A method according to claim 15 or 16, characterized in that the reference (R) is a signature (S) for the proof of authorship of Locality description structure and their affiliation to the respective reference (R) has. Method according to one of the preceding claims 15 to 17, characterized in that the locality description structure additionally assigns a further security algorithm to each key certificate (Z) valid for a location space (L). Method according to one of the preceding claims, characterized in that the provision of valid for the respective locality space (L) public key certificates (Z) for the respective locality space (L) is carried out only if additionally an identity of a recipient person and / or a receiver device ( E) was verified. Method according to one of the preceding claims, characterized in that the plurality of location-related messages (N) are dynamic data for executing programs in respective receiver devices in the particular location spaces (L). A method according to claim 20, characterized in that an execution of a program comprises an authorized transmission by means of a respective receiver device associated transmitting device. Apparatus for carrying out a method for securing a plurality of location-related messages (N) according to one of the preceding claims, with - At least one provider transmission device (A) for transmitting the messages (N) to a plurality of temporally changing receiver persons and / or time-varying receiver devices (E) in at least one specific location space (L), each message (N) a signature (S) for proof of authorship of the respective provider (A) and its affiliation with the respective message (N) having messages (N); - at least one key providing device (SB) for providing valid for the particular locality space (L) public key certificates (Z) for the particular locality space (L); A checking device for checking the signature (S) of each received message (N) by means of the key certificates (Z) and verifying or falsifying the respective message (N) according to a result of the checking. Apparatus according to claim 22, characterized by a request device (E) for requesting from the provider whether the receiver device (E) has messages (N) within a locality space (Li) at a time (T). Apparatus according to claim 22 or 23, characterized by the provider transmission means for the transmission of messages (N) carried out on the request, supplemented by a signature (S) for proving the authorship of the offeror and its affiliation with the messages (N). Apparatus according to claims 22 to 24, characterized by the requesting device (E) associated with the requesting device at a key provider, whether for the locality space (L) at the time (T) valid public key certificates (Z) are present. Device according to claims 22 to 25, characterized by the key providing device (SB) for the transmission of public key certificates (Z) valid for the locality space (L) to the receiver device (E), performed on the request. Apparatus according to claims 22 to 26, characterized by the receiver means (E) for verifying by means of the key certificates (Z) the signature (S) of each received message (N) and verifying or falsifying the respective message (N) according to a result of the checking. Apparatus according to claim 22 to 27, characterized by the receiver means (E) for checking the validity of the received key certificates (Z) with regard to the correct location space (L) and the correct time (T).

Images